It is possible to deploy a DeltaV repository in which only DeltaV-compatible clients are fully supported and plain WebDAV clients can browse but are unable to author resources on their own. That's the easy behavior: The repository simply has to forbid write operations to checked-in resources. Although accepting this kind of limitation for DeltaV as a whole would have made its design simpler, it was always thought that DeltaV systems should be WebDAV compliant: A non-DeltaV client should be able to view and edit versioned resources. This section discusses how backward compatibility is ensured and managed. In addition to allowing plain WebDAV clients to modify checked-out resources with PUT and PROPPATCH, DeltaV servers must consider how GET, LOCK, MOVE, and COPY are handled with non-DeltaV clients. 11.6.1 Read Operations and UPDATEAn HTTP client can use GET without knowing if the resource supports WebDAV. Similarly, a WebDAV client can use GET and PROPFIND without having to know if the resource is under version control. If the server supports UPDATE, this feature changes how all these read requests work. UPDATE does this by changing the target version of a VCR, which also changes the checked-in property value to point to the new target version. Section 11.2.1 explained that a target version is the version whose contents and dead properties are exposed by the checked-in VCR. Figure 11-7 shows a resource where the target version, and thus the content exposed in the checked in VCR, is not the latest version. Figure 11-7. Versioned resource after UPDATE.There are a number of reasons to use UPDATE:
Here are some of the operations affected:
11.6.2 Auto-Version: Enabling Write OperationsWrite operations are a little harder to handle, because a WebDAV-only client will not know to do CHECKOUT and CHECKIN operations. The server could forbid all write operations on VCRs that aren't checked out, but this would prevent existing WebDAV authoring applications being used with DeltaV servers. Therefore, the server must have a way to allow write operations and automatically create new versions. DeltaV defines the auto-version property on a VCR to indicate or control how the server will handle write operations without an explicit CHECKOUT operation. The server must either manage or watch the property value and enforce behavior accordingly. Clients may be interested in the value of this property to predict what the server will do, or they may on some servers be allowed to give the property a new value to change auto-versioning behavior for that resource. Table 11-3 explains each of the possible values for this property. If the auto-version property is not null, then write operations on that VCR can succeed even when it is checked in. The server must behave as if the client sent CHECKOUT and CHECKIN operations at certain points in time. Those points in time depend on the value of auto-version. The auto-version property can be empty or contain one of four values: checkout-checkin, checkout-unlocked-checkin, checkout, or locked-checkout. The checkout-unlocked-checkin value is particularly useful because it allows any WebDAV client to edit the resource, including both clients that don't understand DeltaV and clients that don't use locks. It has excellent characteristics when locks are used. Some nonversioning WebDAV clients, such as the Office 2000 client, always lock a resource while editing it online. While the resource is locked, the client may issue many PUT requests.
The checkout value is not so useful because it requires versioning-aware clients to check the resource in eventually; otherwise, all changes will accumulate without creating new versions. However, it can be useful when a version-control client is used in conjunction with a regular WebDAV authoring tool: The version-control client can be used to check out and check in the resource, while the authoring tool can be used to edit the resource. Many source control versioning systems already operate in this manner. Clients may be able to change the value of the auto-version property to tell the server exactly how to automatically create versions. Servers are not required to allow the property to be changed, however. Servers may support all four options, some, or none. The value of the property could change depending on the resource. Whenever a VCR is checked in after being edited in place with auto-versioning, the server must automatically set the target version of the VCR to be the new version. Otherwise, nonversioning clients would never see the results of their work. 11.6.3 LockingLocking deserves special consideration because if non-DeltaV clients can unknowingly check out or check in a resource, a DeltaV client could also accidentally check out or check in. Avoiding accidental checkouts is easy: Don't issue a write operation to a VCR unless it's already checked out. Avoiding accidental checkins is a little tricker because the resource may be checked in if it is locked and then unlocked. The client should not issue LOCK and then UNLOCK (without any CHECKOUT before or between) unless it knows the server's auto-versioning behavior. Server implementors have a great responsibility here to think through locking and versioning to make sure all possible combinations of operations behave properly. Otherwise, it's too difficult to write a client that can interoperate with a variety of servers. These are guidelines I've developed for servers based on the requirements in the DeltaV specification as well as an analysis of how a client would attempt to perform various tasks:
Locking before checkout is highly beneficial to avoid race conditions, too. A DeltaV client might issue a PROPPATCH request to a resource it believes to be checked in, to quickly change a property value. If another DeltaV client checked out the resource just before the PROPPATCH request without locking the resource, the property change would accidentally become part of the checkout, not an independent change. With checkout state, there's no parallel to the way the If header allows the client to verify lock state (Section 8.4.2), so the client can't make operations conditional on the checkout state of the resource. 11.6.4 "Safe Save" Problems with Existing ClientsIt's not easy to support regular WebDAV clients editing VCRs. Some applications use "safe save" algorithms that can accidentally overwrite versioned resources with unversioned resources. Safe save algorithms were designed for local or remote unversioned file systems, but these applications sometimes use a layer that mimics the local file system, so the application is unaware it is even using a versioning repository. When saving a file, the application needs to have a backup copy in case something goes wrong while making changes. File system write operations are often done piece by piece, so if the write is interrupted in the middle, the file could be left corrupted. To keep from corrupting an important file in this manner, the application may save to a temporary file. If all the partial writes work, then the application can move or copy the temporary file over the original file. Since the operating system is responsible for the move or copy operation working atomically, this process should help avoid file corruption. The temporary file may be deleted or left around as a backup. For example, TextEdit on Mac OS X creates a backup file by appending a tilde character (~) to the file name and saving the file. TextEdit can be configured not to keep backup files, but unfortunately it still creates the backup files and then deletes them. When the Mac OS X WebDAV client receives these commands from TextEdit, the client requests a MOVE of my.txt to my~.txt, PUT to my.txt, then DELETE my~.txt. Let's walk through the confusion this causes:
One could imagine having special logic in the server to deal with this situation. The server could decide to forbid the DELETE of a VCR, but this would leave a clutter of backup files. Alternatively, the server could watch for PUT operations to URLs that previously had a version history, and the server would restore (perhaps duplicate) the version history. However, there are legitimate MOVE/PUT combinations where the new file is supposed to have a new version history. The server could also look out for telltale file names such as those with a first part ending in ~, but in practice there are many such temporary file-naming systems, and some of them are stupidly similar to what a human might name a file. Finally, it's difficult to watch for all safe save algorithms, because they differ greatly, not only in how they name files but also in what operations are used. Apple's default mail program does a PUT to a temp file and then a MOVE to the real URL. Some Macintosh OS X software using system APIs employs a four-step procedure to save new content to my.txt:
Safe save algorithms are not recommended for use with any WebDAV server, and particularly not with DeltaV servers. If client software must use a safe save algorithm, there is one that will work adequately with versioning, although it is not ideal:
|